Android Police

Articles Tagged:

vulnerability

21
Security Vulnerability In Most Versions Of Android Allows Attackers To Steal Your Login Credentials

Security Vulnerability In Most Versions Of Android Allows Attackers To Steal Your Login Credentials

Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.

Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts."

Read More
11
Skype App For Android Updated To 1.0.0.983, Fixes Personal Info Vulnerability And Adds 3G Calling In The U.S.

Skype App For Android Updated To 1.0.0.983, Fixes Personal Info Vulnerability And Adds 3G Calling In The U.S.

Skype released an update to its Android app this morning, remedying the vulnerability which exposed tons of personal info that we revealed last week. Our own Justin Case who originally found the issue has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.

Specifically, Skype has changed the permissions of the databases (which contain the personal information) in question.

Read More
86
[Updated] Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

[Updated] Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

Update #1: Skype is investigating the issue, we've been told.

Update #2: Skype's official first response can be found here.

The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.

Read More
15
Yet Another Android Data-Stealing Vulnerability Uncovered, Affects All Versions Of The OS

Yet Another Android Data-Stealing Vulnerability Uncovered, Affects All Versions Of The OS

Last year, we reported on a serious vulnerability in all versions of Android, found by a security researcher Thomas Cannon. It allowed a remote attacker to download files off a user's SD card upon visiting a webpage with malicious JavaScript code embedded in it. Google's response was swift, and the fix was rolled out in the public release of Gingerbread at the end of 2010.

A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched.

Read More
2
New Vulnerability Affecting All Versions Of Android Allows Unauthorized Remote SD Card Access

New Vulnerability Affecting All Versions Of Android Allows Unauthorized Remote SD Card Access

A new vulnerability that affects every Android device currently on the market was discovered and published today by Thomas Cannon, an information and security researcher. The hole in the way the Android browser treats Javascript allows a remote attacker to lure an unsuspecting victim to a malicious web page, which then downloads and executes rogue Javascript with access to the local SD card's file system. While the locations of files on the SD card needs to be known by the attacker in advance, it still represents a clear problem due to many popular applications storing data in the same location.

Read More
6
2.2.1 Update For Nexus One Breaks Universal Androot, Swype, And Other Aftermarket Keyboards

2.2.1 Update For Nexus One Breaks Universal Androot, Swype, And Other Aftermarket Keyboards

A few days ago, the code for the Nexus One's 2.2.1 update went AOSP (Android Open Source Project), meaning that the source code became available to developers. It was comprised mostly of bugfixes and other things that weren't major... oh, and it also patched the exploits that allowed Universal Androot to unlock your device. We had a short conversation about it on Twitter with Cyanogen (the conversation starts at the bottom and goes up):

Image 9

As if breaking Universal Androot wasn't enough, apparently the new update also prevents existing installations of Swype and some other aftermarket keyboards from working.

Read More
Mastodon